ManageIQ / manageiq

ManageIQ Open-Source Management Platform
https://manageiq.org
Apache License 2.0

Bump puma to 6.4.3 for CVE-2024-45614 #23220

Closed Fryguy closed 1 month ago

Fryguy commented 1 month ago

@jrafanie Please review. master and radjabov security suite are broken because of this.

miq-bot commented 1 month ago

Checked commit https://github.com/Fryguy/manageiq/commit/2920381f270ba17e0bcdd1567ad2a8310022b7f0 with ruby 3.1.5, rubocop 1.56.3, haml-lint 0.51.0, and yamllint

1 file checked, 0 offenses detected

Everything looks fine. :star:

Fryguy commented 1 month ago

Backported to radjabov in commit 42368c2eb6f9c7a578f55e30677dd59f01fb14ae.

commit 42368c2eb6f9c7a578f55e30677dd59f01fb14ae
Author: Joe Rafaniello <jrafanie@users.noreply.github.com>
Date:   Tue Oct 1 21:06:33 2024 -0400

    Merge pull request #23220 from Fryguy/bump_puma

    Bump puma to 6.4.3 for CVE-2024-45614

    (cherry picked from commit 7e9ef38b0c82cc9b6496307f708e4108f58348ec)